Stanford security experts unveil ''SPOOFGUARD''

It’s an online con that is growing fast and stealing tens of millions of dollars.

An e-mail seemingly from a financial institution instructs you to log on to a legitimate-looking Web site. Such “phishing” attacks exploit a universal weakness in online security: passwords.

To read the rest of the story and download this new utility please go here:

http://soe.stanford.edu/profiles/profile_infotech_mitchell.html

edited link to reflect correct source - Detox

 

I use the anti-phishing product inside DesktopArmor to stop this kind of thing. So far it has never failed me, and seems to pass all of the phishing tests.

 

@SDS909- As I recall, DesktopArmor's anti-phishing product works ONLY with Internet Explorer, whereas I use K-meleon.

Am I correct in my recollection, or am I having another *senior moment*?

 

Very good point, I don't believe there are any phishing protections for Mozilla. DesktopArmor seems geared heavily towards IE and development has been stagnant since 2004.

I'm REALLY hoping they upgrade the product. I find it an excellent product with some great protections, but i'd like to see a constant evolution of it - which i'm not seeing. I inquired about the development status several days ago, and have not recieved a reply.

 

A lot of this is old news. Some other quotes from the article:

--------------------
“Phishing attacks fool users into sending their passwords, in the clear, to an unintended Web site,” ...

When a potential phishing victim unwittingly enters his eBay password at a phony site posing as eBay,...
--------------------


A lot of conditions here; it's hard to believe that people still fall for this kind of scam.


-------------------
Unfortunately, users always will have to be vigilant about Internet scams and how to protect themselves,...
------------------


Why unfortunately? Users should always be vigilant about everything in their computing routines.


-------------------
SpoofGuard uses several cues to determine whether a site is questionable.It will suspect pages with names similar but not identical to major ones (e.g., [w ww.ebav.com or ww w.paypai.com),...
-------------------


I don't know why one would need a separate program to do that ... if you have firewall rules set up for your secure sites/specific IPs, then, any oubound phishing attempts as above will be blocked and you will be alerted by the firewall.

IMO articles like this, rather than being a prompt to add another security product to the system, would be better served as a lead-in to discussing how to guard against being tricked in the first place. Then, after assessing the risks, it may be that a user decides some product is necessary, but from the examples in this article, I wouldn't think so.


-rich
________________
~~Be ALERT!!! ~~

 

But with a site like this it will make it a little hard for software to detect it is a phishing scheme
here It is a really legitimate looking e-mail. But we all know that banks don't send e-mails like that,don't we??

 

Anyone try FraudEliminator yet?

 

Living in Belgium, I don't need these anti-phishing softwares.

I don't participate in foreign websites when money is involved, except Paypal.
Paypal isn't a problem, because Paypal verifies personal data via its website, not via emails. So Paypal emails are always phishing emails.
If they ever rob my Paypal account, I will survive it easily.

Most of my personal data doesn't even fit in foreign websites because they have a different structure (zip code, social security number, ...)

If I ever meet a phishing website, it won't interest me, because I'm not even interested in the original website.

I delete all my spam-emails, without even reading them.
Give me just one good reason to use it and I will change my mind.

 

Unless I have this completely wrong, ff fixed this exploit.
You may get taken to the spoof web page but the address in the bar will be the real address not he spoofed one.

None the less as noted above we do not respond to such obvious schemes.
The problem as always is raw numbers
1,000,000 scam mails sent 0.5 percent response = 5000 successes.

Please tell me if I've got this wrong

Regards

 

I wrote recently a post about lottery scams :
https://www.wilderssecurity.com/showthread.php?t=90023
It gives you a pretty good idea how many people get caught in scam traps and how profitable scams are.

The largest spam-database I ever heard of contained 250,000,000 email-addresses.
250,000,000 emails with 0.05% replies = 125,000 replies.
The last lottery scam, I've seen, asked the victim $785 in order to collect the fake big price.
125,000 replies x $785 = $98,125,000 for ONE scam-email. Easy money, isn't it ?

Phisphing emails are just another kind of scam, than lottery scams and there are many other kinds of scams.
Internet is full of them.

 

If you are a power surfer, beware of phishing-prevention/exposing tools. All of the ones I've tried, considerably slow down multi-tab simultaneous page opening and hence surfing.

 

don't mean to be pushy, but, has ff fixed this?

Regards